From 9c521767760d2a3edba4e133e69b1910d79311c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg2@elzevir.fr>
Date: Tue, 27 Oct 2015 10:54:53 +0100
Subject: [PATCH] Fix potential double-free in ssl_set_psk()

Internal ref: IOTSSL-517
---
 ChangeLog         | 7 +++++++
 library/ssl_tls.c | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 3ca926813..78664d054 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.15 released 2015-10-xx
+
+Security
+   * Fix potential double free if ssl_set_psk() is called more than once and
+     some allocation fails. Cannot be forced remotely. Found by Guido Vranken,
+     Intelworks.
+
 = mbed TLS 1.3.14 released 2015-10-06
 
 Security
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7fc9d9908..166b116e7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4058,6 +4058,8 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
     {
         polarssl_free( ssl->psk );
         polarssl_free( ssl->psk_identity );
+        ssl->psk = NULL;
+        ssl->psk_identity = NULL;
     }
 
     if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL ||